21 September 2017
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0153 Multiple vulnerabilities have been identified in Tenable SecurityCenter 21 September 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Tenable SecurityCenter Operating System: Linux variants Impact/Access: Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2017-11147 CVE-2017-11146 CVE-2017-11145 CVE-2017-11144 CVE-2017-11143 CVE-2017-11142 CVE-2017-7890 Member content until: Saturday, October 21 2017 Reference: ESB-2017.2174 ESB-2017.2027 Comment: CVE-2017-11146 has been rejected by the source.  OVERVIEW Multiple vulnerabilities have been identified in Tenable SecurityCenter versions 5.3.2, 5.4.0, 5.4.2, 5.4.5, 5.5.0, and 5.5.1.  IMPACT Tenable have provided the following details regarding the vunlnerabilities: "Tenable has released updates for SecurityCenter 5.3.2, 5.4.0, 5.4.2, 5.4.5, 5.5.0, and 5.5.1 to bring the version of PHP included with them to 5.6.31. PHP 5.6.31 addresses multiple vulnerabilities: CVE-2017-11142: In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variables.c. CVE-2017-11143: In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c. CVE-2017-11144: In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. CVE-2017-11145: In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack of a bounds check in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to an ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date function. CVE-2017-11146: In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x through 7.1.7, lack of bounds checks in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11145. CVE-2017-11147: In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c. CVE-2017-7890: PHP 'gd_gif_in.c' Memory Corruption Vulnerability Please refer to the PHP 5.6.31 release notes for more information."  MITIGATION Tenable recommends upgrading to the latest version to address these issues.  REFERENCES  [R1] SecurityCenter 5.3.2, 5.4.0, 5.4.2, 5.4.5, 5.5.0, and 5.5.1 Fixes Multiple Vulnerabilities http://www.tenable.com/security/tns-2017-12  CVE-2017-11146 Detail https://nvd.nist.gov/vuln/detail/CVE-2017-11146 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: firstname.lastname@example.org Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWcMToYx+lLeg9Ub1AQibyBAApdgXNbj8MN1/PprYnBZg0S5ajEEHFAuO SMPI0v+d5ltvqNZOK9yRjM8T7dwftc5sidz2wZu7H5AEUMEGPD9Czlm9vHPDSR3B iQ5vFIALJNg7NML9bBwA+IR/w4onBsu0MPTLp/ZClWAU9xiYCFK4cYKrAhyWOibD Jj63VbV2/JC8TCGafSP5jzItBNKrM4KfYAutruuVggnA+E+je+Lh3rsLg0o7BpXc S6jHS876qCiyRNNCC7mzwdP1BLBlI8fuOZMbcaH8gtE3pxv7FIO4JXLK1Jm0jaAR YMBUkaACNPzyyugF8PW2IJIueIqhi0cCdvdkMkpwipyEuI3Ta4jvUvPDHr4NoV63 JAhQiTKL2HB5Nj6faR3J8eKG66Y8UT8V9oNnH2920L0+A7bzWNUnorll6G2YU5y/ 7ydryEzgoSHcl7sVVmRHM0vgDWDgTyWgHy/gwNH9EUzE8RbtGkAptYuag6DGlKt0 dfW8cPFKOrcTC4B+5CZpMknSelKhAnr3/ULZv1IxRfVU0lFfGeTtJr0r8MwbOXA9 oiRMZIqGCxG6ZRJBzGU73wyrOc1SWqvwcnPsXtSyPLa8Qiyk45CFJGOPXue7bUd7 oLmQ/JZYUIqSOe501z6Jkd4v46p86nxLF80kImHrYFVxW4IP9HWxtf6L/GnjdzTz iuCZb1DxLVI= =ADVd -----END PGP SIGNATURE-----